new_argc is prone to integer overflow

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

new_argc is prone to integer overflow

From:	exploit dev
Subject:	new_argc is prone to integer overflow
Date:	Sat, 21 Dec 2024 19:22:40 +0100

Hello,

I have noticed while auditing tar decode_options() function, that new_argc is prone to integer overflow.

In the case of handling arguments, if no "-" is provided and the arguments provided are near max_int it will overflow resulting in under-allocation of the new_argv[].

In practice this probably can't happen since default ARG_MAX will be exceeded when testing.

This might be complete nonsense but I would like to know your take on this.

[Prev in Thread]

Current Thread

[Next in Thread]

new_argc is prone to integer overflow, exploit dev <=
- Re: new_argc is prone to integer overflow, Paul Eggert, 2024/12/21

Prev by Date: tar extraction fails on a CIFS file system, due to a symlink
Next by Date: Re: new_argc is prone to integer overflow
Previous by thread: tar extraction fails on a CIFS file system, due to a symlink
Next by thread: Re: new_argc is prone to integer overflow
Index(es):
- Date
- Thread